Google addressed 62 vulnerabilities with the release of Android ‘s April 2025 security update, including two actively exploited zero-days. Google released Android ‘s April 2025 security updates to address 62 vulnerabilities, including two zero-day vulnerabilities (CVE-2024-53197, CVE-2024-53150) exploited in targeted…
Tag: EN
Kellogg’s Servers Breached, Hackers Steal Sensitive Data
WK Kellogg Co., one of the world’s leading cereal and snack manufacturers, has fallen victim to a significant data breach, exposing the sensitive information of an undisclosed number of individuals. The breach, which occurred on December 7, 2024, was only…
PoC Exploit Released for Yelp Flaw that Exposes SSH Keys on Ubuntu Systems
A proof-of-concept (PoC) exploit has been released for CVE-2025-3155, a critical vulnerability in GNOME’s Yelp help viewer that enables attackers to exfiltrate SSH keys and other sensitive files from Ubuntu systems. The flaw leverages improper handling of the ghelp:// URI…
Qevlar Raises $14M to Lead the Agentic AI Revolution
Qevlar leads the agentic AI revolution and raises $14 million in total funding, including a fresh $10 million round led by EQT Ventures and Forgepoint Capital International. The post Qevlar Raises $14M to Lead the Agentic AI Revolution appeared first…
Apple encryption appeal, Xanthorox AI tool, weaponizing CRM
Apple appeals UK encryption back door order Researchers warn about AI-driven hacking tool PoisonSeed campaign weaponizes CRM system Thanks to our episode sponsor, Nudge Security Nudge Security discovers every GenAI tool ever used in your org, even those you’ve never…
Can a DDoS Cyber Attack Lead to Political Warfare?
In the world of digitization, cyberattacks have become an increasingly common form of warfare, with Distributed Denial of Service (DDoS) attacks standing out as one of the most prominent and disruptive methods. While often perceived as a technical nuisance that…
Xanthorox AI: New Automated Hacking Tool Surfaces on Hacker Forums
A new malicious AI tool, Xanthorox AI, has emerged on underground hacker forums. Dubbed the “Killer of WormGPT and all EvilGPT variants,” Xanthorox AI is poised to outpace previous AI-powered cyber tools in its versatility, stealth, and offensive capabilities, making it…
PowerDMARC to showcase email security advancements at RSAC 2025
PowerDMARC, a leading provider of email authentication and domain security solutions, is excited to announce its participation at RSAC 2025 Conference (April 28 – May 1) at the Moscone Center in San Francisco. PowerDMARC will be exhibiting at Booth ESE-01,…
Cyber Attacks make UK SMEs loose £3.4 billion a year
Cyberattacks are a persistent and growing threat that cause significant financial strain to victims, whether public or private organizations. However, recent research by Vodafone has revealed a particularly alarming trend: every year, small and medium-sized enterprises (SMEs) are losing nearly…
Apollo Router Vulnerability Enables Resource Exhaustion via Optimization Bypass
A critical vulnerability (CVE-2025-32032) has been identified in Apollo Router, a widely used GraphQL federation tool, allowing attackers to trigger resource exhaustion and denial-of-service (DoS) conditions. Rated 7.5 (High) on the CVSS v3.1 scale, the flaw impacts users running unpatched versions of…
WhatsApp for Windows Flaw Allowed Remote Code Execution via File Attachments
A critical vulnerability identified as CVE-2025-30401 was recently disclosed, highlighting a major security flaw in WhatsApp for Windows. This issue, which primarily affects desktop application versions prior to 2.2450.6, allowed attackers to exploit mismatched file metadata to execute arbitrary code on unsuspecting…
WhatsApp Vulnerability Let Attackers Execute Malicious Code Via Attachments
A critical vulnerability in WhatsApp for Windows that could allow attackers to execute malicious code through seemingly innocent file attachments. The spoofing vulnerability, officially tracked as CVE-2025-30401, affects all versions of WhatsApp Desktop for Windows prior to 2.2450.6 and poses…
PoC Exploit Reveals SSH Key Exposure via Yelp Vulnerability on Ubuntu
Security researchers have uncovered a critical vulnerability (CVE-2025-3155) in Ubuntu’s default help browser Yelp that could expose sensitive system files including SSH private keys. The flaw impacts Ubuntu desktop installations and stems from improper handling of XML content in GNOME’s…
Observability is security’s way back into the cloud conversation
In this Help Net Security interview, Esteban Gutierrez, CISO and VP of Information Security at New Relic, discusses how the adoption of cloud infrastructure is outpacing security readiness. He shares strategies for overcoming common misconfigurations and optimizing access controls in…
Phishing, fraud, and the financial sector’s crisis of trust
The financial sector is under growing pressure from advanced phishing attacks and fraud, causing major financial losses and eroding customer trust. Escalation of phishing attacks While traditional phishing relied on generic emails to steal sensitive data, cybercriminals now use targeted…
Excessive agency in LLMs: The growing risk of unchecked autonomy
For an AI agent to “think” and act autonomously, it must be granted agency; that is, it must be allowed to integrate with other systems, read and analyze data, and have permissions to execute commands. However, as these systems gain…
Google Releases Android Update to Patch Two Actively Exploited Vulnerabilities
Google has shipped patches for 62 vulnerabilities, two of which it said have been exploited in the wild. The two high-severity vulnerabilities are listed below – CVE-2024-53150 (CVSS score: 7.8) – An out-of-bounds flaw in the USB sub-component of Kernel…
Cybersecurity jobs available right now: April 8, 2025
Application Security Engineer (DevSecOps & VAPT) Derisk360 | India | On-site – View job details As an Application Security Engineer (DevSecOps & VAPT), you will integrate security into CI/CD pipelines, conduct vulnerability assessments and penetration testing, and use tools like…
Cyberattacks on water and power utilities threaten public safety
62% of utility operators were targeted by cyberattacks in the past year, and of those, 80% were attacked multiple times, according to Semperis. 54% suffered permanent corruption or destruction of data and systems. (Source: Semperis) Utilities face rising cyber threats…
Hackers Exploiting Windows .RDP Files For Rogue Remote Desktop Connections
In a sophisticated espionage campaign targeting European government and military institutions, hackers believed to be connected with Russian state actors have been utilizing a lesser-known feature of Windows Remote Desktop Protocol (RDP) to infiltrate systems. The Google Threat Intelligence Group…